Protection of security critical data in networks



1. Network system comprising at least one central unit ZE, at least one service unit SE physically connected with ZE and an arbitrary number of peripheral units PE1..n physically connected with ZE, wherein ZE executes at least one thread - called central process or thread -, SE executes at least one thread S - called critical service -, the peripheral or central units execute an arbitrary number of peripheral threads, and wherein at least one critical service can build up or accept at least one standing logical bidirectional communication connection to or from at least one central process, and wherein on top of said connection(s) between the critical service(s) and the central process(es) no further connections can be built up or accepted by threads running on SE, and wherein direct logical communication connections between peripheral threads running on a peripheral or a central unit and ZE can be established, such that data stored on SE is accessible for the central processes only via a critical service and for the peripheral processes only via a central process and a critical service.

2. Network system according to claim 1 wherein at least one central process assigns at least one logical identification to at least one connection to a critical service connected to said central process, such that a peripheral thread is able only with the knowledge of said logical identification(s) to communicate indirectly via said central process with at least one member out of a group of critical services, which group is uniquely identified by said logical identification(s).
3. Network system according to one of the claims 1 or 2 comprising at least two segments N1 and N2, at least one central unit ZE physically connected with each of the segments N1 and N2, at least one service unit SE in segment N1 and physically connected with ZE and an arbitrary number of peripheral units PE1..n physically connected with ZE, wherein direct logical communication connections between peripheral threads running on a peripheral unit within N1 or N2 or a central unit and ZE can be established, whereby said central unit(s) are able to build up or accept direct logical connections to or from units in N1 or N2, and whereby units in N1 cannot establish direct logical connections to units in N2 with the exception of said central process(es), and whereby units in N2 cannot establish direct logical connections to units in N1 with the exception of said central process(es), and whereby units in N1 cannot accept direct logical connections from units in N2 with the exception of said central process(es), and whereby units in N2 cannot accept direct logical connections from units in N1 with the exception of said central process(es).



4. Network system according to one of claims 1 to 3, wherein the central unit ZE stores authorization data AD and wherein at least one peripheral thread after connecting to the central process Z on ZE transmits access data to Z, and wherein Z checks the access rights of the peripheral process by checking said access data against said authorization data AD, and wherein Z terminates the connection to said peripheral process if the result of said check of said access rights is negative.

5. Network system according to one of claims 1 to 3, wherein at least one unit AE directly or indirectly physically connected with central unit ZE stores authorization data AD and wherein AE executes at least one authorization thread AS able to build up or accept a standing logical connection to or from Z, and wherein at least one peripheral thread after build-up of the connection to central process Z sends Z access data, and wherein Z receives said access data and forwards said access data to AS, and wherein AS receives said access data, checks the access rights of said peripheral process by checking said access data against said authorization data AD and transmits the result of said check of said access rights to Z, and wherein Z terminates the connection to said peripheral process if the result of said check of said access rights is negative.
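
The connection rules of claims 1 to 5 can be read as a small reference monitor: threads on SE only talk to central processes, cross-segment traffic always has a central process at one end, and a peripheral thread reaches data on SE only through an authorized connection to a central process that itself holds a standing connection to a critical service. The following Python model is an added example and is not code from the patent; the unit and segment names (ZE, SE, AE, PE1, PE2, N1, N2) follow the claims, while the thread names, the access tokens in AD, the stored data and all function names are constructed for the example.

```python
import secrets
from dataclasses import dataclass

# Added example (not from the patent): policy model of the connection rules in
# claims 1 to 5. Thread names, tokens and helper names are constructed.


@dataclass(frozen=True)
class Thread:
    name: str
    unit: str   # unit the thread runs on
    kind: str   # "central", "critical", "peripheral" or "authorization"


# Claim 3: segments each unit is physically connected to (ZE sits in both).
SEGMENTS = {"ZE": {"N1", "N2"}, "SE": {"N1"}, "AE": {"N1"},
            "PE1": {"N1"}, "PE2": {"N2"}}


def may_connect(src: Thread, dst: Thread) -> bool:
    """Return True if src may build up a direct logical connection to dst."""
    kinds = {src.kind, dst.kind}
    # Claim 1: a critical service on SE talks only to central processes, and
    # no other thread on SE may build up or accept a connection.
    if "SE" in (src.unit, dst.unit):
        return kinds == {"central", "critical"}
    # Claim 5: the authorization thread on AE only keeps a standing
    # connection with a central process.
    if "authorization" in kinds:
        return kinds == {"central", "authorization"}
    # Claim 3: across segments only a central process may connect or accept.
    if not (SEGMENTS[src.unit] & SEGMENTS[dst.unit]):
        return "central" in kinds
    return True


# Claim 4: authorization data AD held on ZE (constructed sample tokens).
AUTHORIZATION_DATA = {"pe1-thread": "tok-constructed-1",
                      "pe2-thread": "tok-constructed-2"}


class CentralProcess:
    """Central process Z on ZE: every access to data on SE passes through it."""

    def __init__(self, ad: dict):
        self.ad = ad
        self.me = Thread("Z", "ZE", "central")
        self.peripherals = set()        # authorized, connected peripheral threads
        self.critical_services = set()  # standing connections to critical services

    def connect_critical(self, svc: Thread) -> bool:
        if may_connect(svc, self.me):
            self.critical_services.add(svc.name)
            return True
        return False

    def accept_peripheral(self, p: Thread, access_data: str) -> bool:
        """Claim 4: check access data against AD; a negative result ends the connection."""
        expected = self.ad.get(p.name)
        if not may_connect(p, self.me) or expected is None:
            return False
        if not secrets.compare_digest(expected, access_data):
            return False  # connection terminated
        self.peripherals.add(p.name)
        return True

    def read_se_data(self, p_name: str, svc_name: str, store: dict, key: str):
        """Peripheral -> central process -> critical service -> data stored on SE."""
        if p_name not in self.peripherals or svc_name not in self.critical_services:
            return None
        return store.get(key)


def demo() -> dict:
    z = CentralProcess(AUTHORIZATION_DATA)
    s = Thread("S", "SE", "critical")
    p1 = Thread("pe1-thread", "PE1", "peripheral")
    p2 = Thread("pe2-thread", "PE2", "peripheral")
    se_store = {"secret": "constructed-value"}  # data stored on SE (constructed)
    return {
        "critical_to_central": z.connect_critical(s),
        "peripheral_direct_to_se": may_connect(p1, s),     # refused by claim 1
        "cross_segment_peripherals": may_connect(p1, p2),  # refused by claim 3
        "good_token": z.accept_peripheral(p1, "tok-constructed-1"),
        "bad_token": z.accept_peripheral(p2, "wrong"),
        "data_via_chain": z.read_se_data("pe1-thread", "S", se_store, "secret"),
        "data_unauthorized": z.read_se_data("pe2-thread", "S", se_store, "secret"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is that `read_se_data` has no path that bypasses both checks: a peripheral thread that never passed `accept_peripheral` gets nothing, and a central process with no standing connection to a critical service gets nothing either, which is the access structure claim 1 describes.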



6. Network system according to claim 1, wherein at least one central unit executes at least one thread - called logon process or thread - providing at all times at least one open connection endpoint identified by a fixed local identification, and wherein no central process(es) provide open connection endpoints without prior trigger from said logon process, and wherein at least one peripheral thread, to connect to a central process(es), establishes first a connection to said logon process, and wherein said logon process via an arbitrary inter-thread or interprocess communication medium triggers at least one central process to open a new connection endpoint, and wherein at least one of the triggered central processes opens for a predefined time interval a new connection endpoint with a local identification known to said peripheral thread, and wherein said peripheral thread connects to at least one of said opened connection endpoint(s) of at least one central process within said predefined time interval, and wherein all triggered central processes close all opened connection endpoints to which said peripheral process did not connect within said predefined time interval.



7. Network system according to claim 6 wherein the communication medium between at least one logon process and at least one central process is a standing logical connection.



8. Network system according to one of the claims 6 or 7 wherein at least one peripheral thread transmits to the logon process additional access data, and wherein the logon process checks the access rights of said peripheral process by checking said access data against predefined authorization data, and wherein said logon process triggers at least one central process to open a new connection endpoint only if said authorization check returns a positive result.

9. Network system according to claim 6 wherein at least one unit AE stores authorization data, and wherein each of the unit(s) AE is (are) physically connected to at least one central unit, and wherein each of the unit(s) AE executes an authorization service AS, which service is able to establish or to accept standing logical connections to or from at least one logon process and to or from at least one central process, and wherein a peripheral thread after connecting to a logon process sends said logon process its access data, and wherein said logon process forwards each connection request of a peripheral thread together with said access data to said authorization service AS, and wherein said authorization service AS checks the access rights of said peripheral thread by checking said access data against authorization data AD and in case of a positive result triggers at least one central process to open a new connection endpoint, and wherein at least one of the triggered central processes provides for a predefined time interval a new open connection endpoint with a local identification known to said peripheral thread, and wherein said peripheral thread connects to at least one of said temporarily opened connection endpoint(s) within said predefined time interval, and wherein all central process(es) close all temporarily opened connection endpoints to which said peripheral thread did not connect within said predefined time interval.

10. Network system according to one of the claims 6 to 9 wherein at least one peripheral thread does not know the local identification of at least one connection endpoint temporarily opened by at least one central process, and wherein said peripheral thread receives said local identification from at least one logon process.
11. Network system according to claim 10 wherein at least one logon process generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up to at least one peripheral thread and to at least one central process providing a new temporarily opened connection endpoint with said local identification.

12. Network system according to claim 10 wherein at least one central process generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up via at least one logon process to at least one peripheral thread.

13. Network system according to claims 9 and 10 wherein at least one authorization service generates at least one local identification of at least one connection endpoint to be provided by at least one of the central processes and transmits said generated local identification during connection build-up via at least one logon process to at least one peripheral thread and to at least one central process providing at least one temporarily open connection endpoint with said generated local identification.

14. Network system according to one of claims 9 to 13 wherein at least one local identification of at least one temporarily opened connection endpoint of at least one central process is generated randomly or pseudo-randomly.

15. Network system according to one of claims 9 to 14 wherein at least one local identification of at least one temporarily opened connection endpoint of at least one central process is transmitted in at least one encrypted message.
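
Claims 6 to 15 describe a logon sequence: the logon process is the only endpoint open at all times, it checks the access data first, and only then does a central process open a single-use endpoint with a freshly generated local identification that stays open for a predefined interval. The simulation below is an added example and not code from the patent; the logon port, the interval length, the authorization table, the simulated clock and all function names are assumptions made for the example, and the id generation follows claim 14 (random) and claim 11 (generated by the logon process).

```python
import secrets
from dataclasses import dataclass

# Added example (not from the patent): single-host simulation of the logon
# sequence of claims 6 to 15. Port, interval, tokens and a simulated clock
# (seconds as float) are constructed for the example.

LOGON_PORT = 4000      # claim 6: fixed local identification of the logon endpoint (assumed)
ENDPOINT_TTL = 5.0     # claim 6: predefined time interval in seconds (assumed)
AUTHORIZATION_DATA = {"pe-thread-7": "access-constructed-7"}   # claim 8 (constructed)


@dataclass
class TempEndpoint:
    local_id: int       # claim 14: randomly generated local identification
    peripheral: str     # the peripheral thread the endpoint was opened for
    expires_at: float   # end of the predefined time interval


class CentralProcess:
    """Central process Z: opens an endpoint only when triggered by the logon process."""

    def __init__(self):
        self.open_endpoints = {}   # local id -> TempEndpoint
        self.connections = set()   # peripheral threads that connected in time

    def trigger(self, peripheral: str, local_id: int, now: float) -> int:
        self.open_endpoints[local_id] = TempEndpoint(local_id, peripheral, now + ENDPOINT_TTL)
        return local_id

    def connect(self, peripheral: str, local_id: int, now: float) -> bool:
        self.expire(now)
        ep = self.open_endpoints.get(local_id)
        if ep is None or ep.peripheral != peripheral:
            return False
        del self.open_endpoints[local_id]   # single use: closed once connected
        self.connections.add(peripheral)
        return True

    def expire(self, now: float) -> int:
        """Claim 6: close every endpoint whose interval elapsed without a connection."""
        stale = [i for i, ep in self.open_endpoints.items() if ep.expires_at <= now]
        for i in stale:
            del self.open_endpoints[i]
        return len(stale)


class LogonProcess:
    """Logon process on LOGON_PORT: checks access data (claim 8) and hands the
    peripheral thread a freshly generated local id (claims 10, 11, 14)."""

    def __init__(self, central: CentralProcess, ad: dict):
        self.central, self.ad = central, ad

    def request(self, peripheral: str, access_data: str, now: float):
        expected = self.ad.get(peripheral)
        if expected is None or not secrets.compare_digest(expected, access_data):
            return None   # claim 8: no trigger without a positive check
        # claim 14: unpredictable id drawn from an ephemeral range (assumed range)
        local_id = 49152 + secrets.randbelow(16384)
        while local_id in self.central.open_endpoints:
            local_id = 49152 + secrets.randbelow(16384)
        self.central.trigger(peripheral, local_id, now)
        return local_id


def run_scenarios() -> dict:
    z = CentralProcess()
    logon = LogonProcess(z, AUTHORIZATION_DATA)
    # 1: valid access data, peripheral connects inside the interval
    lid = logon.request("pe-thread-7", "access-constructed-7", now=0.0)
    in_time = z.connect("pe-thread-7", lid, now=1.0)
    # 2: valid access data, but the peripheral is too slow; the endpoint is gone
    lid2 = logon.request("pe-thread-7", "access-constructed-7", now=10.0)
    late = z.connect("pe-thread-7", lid2, now=10.0 + ENDPOINT_TTL)
    # 3: wrong access data: the logon process never triggers Z
    denied = logon.request("pe-thread-7", "wrong", now=20.0)
    # 4: a thread that skips the logon step and tries an id directly
    guessed = z.connect("other-thread", 50000, now=21.0)
    return {"in_time": in_time, "late": late, "denied": denied,
            "guessed": guessed, "still_open": len(z.open_endpoints)}


if __name__ == "__main__":
    print(run_scenarios())
```

Two details matter for the security argument: the endpoint is tied to the peripheral thread it was opened for and is removed on the first connection, so a second connection with the same id fails, and `expire` runs before every lookup, so an endpoint that outlived its interval is never usable even if no timer fired.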
16. Network system according to one of the claims 6 to 15 wherein at least one peripheral thread does not know the physical address of the network interface of at least one target central unit, and wherein said peripheral thread receives from at least one logon process the physical address of at least one network interface of at least one central unit executing at least one central process providing at least one temporarily open connection endpoint.

17. Network system according to claim 16 wherein at least one logon process selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.



18. Network system according to claim 16 wherein at least one central process selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits via at least one logon process the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.

19. Network system according to one of the claims 9 to 16 wherein at least one authorization service selects at least one central process Z1 providing at least one temporarily open connection endpoint and transmits via at least one logon process the physical address of the network interface of the central unit executing Z1 to at least one peripheral thread during connection build-up.

20. Network system according to one of the claims 16 to 19 wherein at least one central process is selected randomly or pseudo-randomly.






21. Network system according to one of the claims 16 to 20 wherein the physical address of at least one network interface of at least one central unit running at least one central process providing at least one temporarily open connection endpoint is transmitted in encrypted form.



22. Network system according to one of the previous claims wherein at least one service builds up or accepts at least one standing logical connection to or from at least two central processes, and wherein said service provides on at least two of its connections different protocols.



23. Network system according to one of the previous claims wherein at least one of the protocols of at least one service can be activated during operation.



24. Network system according to one of the previous claims wherein at least one of the protocols of at least one service can be deactivated during operation.



25. Network system according to one of the claims 23 or 24 wherein the activation or deactivation of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.



26. Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be activated during operation.



27. Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be deactivated during operation.



28. Network system according to one of the claims 26 or 27 wherein the activation or deactivation of at least one function of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

29. Network system according to one of the previous claims wherein at least one protocol of at least one service can be loaded into the addressable memory space of said service during operation.

30. Network system according to one of the previous claims wherein at least one protocol of at least one service can be removed from the addressable memory space of said service during operation, such that all functions of said removed protocol can only be called again after said protocol has been loaded again into the addressable memory space of said service.

31. Network system according to one of the claims 29 or 30 wherein the loading or removal of at least one protocol of at least one service is controlled by at least one function of at least one protocol of said service.

32. Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be loaded into the addressable memory space of said service during operation.

33. Network system according to one of the previous claims wherein at least one function of at least one protocol of at least one service can be removed from the addressable memory space of said service during operation, such that said removed function can only be called again after said removed function has been loaded again into the addressable memory space of said service.



34. Network system according to one of the claims 32 or 33 
wherein the loading or removal of at least one function of at 
least one protocol of at least one service is controlled by at 
least one function of at least one protocol of said service. 
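
Claims 22 to 34 describe a service whose protocols and individual functions can be activated, deactivated, loaded and removed at run time, with the switching itself driven by functions of one of the service's protocols, and with different protocols offered on different connections. The model below is an added example and not code from the patent; the two protocols ("data" and "admin"), their function names, the connection identifiers and the stored record are constructed. A removed protocol or function is simply absent from the dispatch table, which is the in-process equivalent of the "addressable memory space" wording in claims 29 to 33.

```python
# Added example (not from the patent): dispatch model for claims 22 to 34.
# Protocol names, function names, connection ids and data are constructed.


class ProtocolUnavailable(Exception):
    """Raised when a function is not loaded or not active for the calling connection."""


class Protocol:
    def __init__(self, name, functions):
        self.name = name
        self.functions = dict(functions)   # function name -> callable
        self.active = set(functions)       # claims 26/27: per-function activation
        self.enabled = True                # claims 23/24: whole-protocol activation


class Service:
    def __init__(self):
        self.loaded = {}     # protocol name -> Protocol (claims 29/30: loaded protocols)
        self.bindings = {}   # connection id -> protocol name (claim 22)

    def load(self, proto):
        self.loaded[proto.name] = proto

    def unload(self, name):
        self.loaded.pop(name, None)          # claim 30: functions unreachable until reloaded

    def bind(self, conn, proto_name):
        self.bindings[conn] = proto_name

    def call(self, conn, func, *args):
        """Dispatch func for the protocol bound to conn, or refuse."""
        proto = self.loaded.get(self.bindings.get(conn))
        if proto is None or not proto.enabled:
            raise ProtocolUnavailable(f"{func}: protocol not loaded or not active on {conn}")
        if func not in proto.functions or func not in proto.active:
            raise ProtocolUnavailable(f"{func}: function not loaded or not active")
        return proto.functions[func](self, *args)


# Constructed "data" protocol function offered to one central process.
def read_record(svc, key):
    return {"k1": "v1"}.get(key)


# Constructed "admin" protocol: functions that control other protocols and
# functions (claims 25, 28 and 31).
def set_active(svc, proto_name, func, on):
    p = svc.loaded[proto_name]
    (p.active.add if on else p.active.discard)(func)
    return func in p.active


def set_enabled(svc, proto_name, on):
    svc.loaded[proto_name].enabled = on
    return on


def unload_protocol(svc, proto_name):
    svc.unload(proto_name)
    return proto_name not in svc.loaded


def build_service():
    svc = Service()
    svc.load(Protocol("data", {"read_record": read_record}))
    svc.load(Protocol("admin", {"set_active": set_active, "set_enabled": set_enabled,
                                "unload_protocol": unload_protocol}))
    svc.bind("conn-Z1", "data")    # claim 22: different protocols on different connections
    svc.bind("conn-Z2", "admin")
    return svc


def attempt(svc, conn, func, *args):
    try:
        return svc.call(conn, func, *args)
    except ProtocolUnavailable:
        return "refused"


def scenario():
    svc = build_service()
    out = {"read_ok": attempt(svc, "conn-Z1", "read_record", "k1")}
    svc.call("conn-Z2", "set_active", "data", "read_record", False)   # claim 28
    out["read_after_deactivate"] = attempt(svc, "conn-Z1", "read_record", "k1")
    svc.call("conn-Z2", "set_active", "data", "read_record", True)
    out["read_reactivated"] = attempt(svc, "conn-Z1", "read_record", "k1")
    out["admin_via_data_conn"] = attempt(svc, "conn-Z1", "unload_protocol", "admin")
    svc.call("conn-Z2", "unload_protocol", "data")                     # claim 31
    out["read_after_unload"] = attempt(svc, "conn-Z1", "read_record", "k1")
    svc.load(Protocol("data", {"read_record": read_record}))           # claim 30: reload
    out["read_after_reload"] = attempt(svc, "conn-Z1", "read_record", "k1")
    return out


if __name__ == "__main__":
    print(scenario())
```

The binding table is what keeps the control plane separate from the data plane: the connection bound to the "data" protocol cannot reach `unload_protocol` at all, so a peer that only holds a data connection cannot switch functions off or unload protocols.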

35. Network system according to claim 10 wherein the choice of a central process depends on the authorization of said peripheral thread, or on the number of peripheral threads connected to each eligible central process, or on the load of each eligible central process, or on the system demands of said peripheral thread, or on the quality and speed of the connection between said peripheral thread and the logon central process or each eligible central process, or on the geographical position(s) of the eligible central unit(s) or the peripheral unit executing said peripheral thread, or on the network topological location(s) of the peripheral and eligible central unit(s), or on the system topological location(s) of the peripheral thread or the eligible central process(es).

36. Network system according to claim 16 wherein the choice of a central unit executing an eligible central process - called eligible unit - depends on the authorization of said peripheral thread, or on the number of peripheral threads connected to each eligible central process or central unit, or on the load of each eligible central unit, or on the system demands of said peripheral thread, or on the quality and speed of the connection between each eligible central process and said peripheral thread, or on the geographical position(s) of the eligible central unit(s) or the peripheral unit executing said peripheral thread, or on the network topological location(s) of the peripheral and eligible central unit(s), or on the system topological location(s) of the peripheral thread or the eligible central unit(s) running eligible central process(es).
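
Claims 35 and 36 list the criteria a logon process may use to pick the central process (and unit) for a peripheral thread, and claims 16, 17 and 20 say what it hands back: the physical address of the chosen unit, with a random choice where several candidates are equally suitable. The following selection routine is an added example, not code from the patent; the candidate list, the addresses, the load figures, the per-thread authorization table and the ranking order (fewest connected threads, then load, then latency) are constructed for the example.

```python
import secrets
from dataclasses import dataclass

# Added example (not from the patent): selection of the central process for
# claims 35/36 and the logon reply of claims 16/17/20. All figures constructed.


@dataclass
class CentralCandidate:
    name: str            # e.g. Z1
    address: str         # physical address of the unit's network interface (claim 16)
    connected: int       # peripheral threads already connected (claim 35)
    load: float          # load of the eligible central process, 0.0 .. 1.0
    segment: str         # network topological location (claim 35)
    latency_ms: float    # quality and speed of the connection to the peripheral


# Constructed: central processes each peripheral thread is authorized for (claim 35).
AUTHORIZED = {"pe-thread-1": {"Z1", "Z2", "Z3"}, "pe-thread-2": {"Z3"}}

CANDIDATES = [  # constructed
    CentralCandidate("Z1", "10.0.1.10", connected=12, load=0.40, segment="N1", latency_ms=3.0),
    CentralCandidate("Z2", "10.0.2.10", connected=4, load=0.95, segment="N2", latency_ms=2.0),
    CentralCandidate("Z3", "10.0.1.11", connected=4, load=0.30, segment="N1", latency_ms=5.0),
]

_RNG = secrets.SystemRandom()


def eligible(peripheral, candidates, max_load=0.9):
    """Candidates the thread is authorized for that still have capacity (assumed limit)."""
    allowed = AUTHORIZED.get(peripheral, set())
    return [c for c in candidates if c.name in allowed and c.load < max_load]


def rank_key(c):
    # fewest connected peripheral threads, then lowest load, then best latency
    return (c.connected, c.load, c.latency_ms)


def choose(peripheral, candidates):
    """Pick the central process for a peripheral thread; None if nothing is eligible."""
    pool = eligible(peripheral, candidates)
    if not pool:
        return None
    best = min(rank_key(c) for c in pool)
    ties = [c for c in pool if rank_key(c) == best]
    return _RNG.choice(ties)   # claim 20: random choice among equally ranked candidates


def logon_reply(peripheral, candidates):
    """What the logon process returns (claims 16/17): unit address plus a fresh local id."""
    chosen = choose(peripheral, candidates)
    if chosen is None:
        return None
    return {"central": chosen.name, "address": chosen.address,
            "local_id": 49152 + secrets.randbelow(16384)}   # assumed ephemeral range


if __name__ == "__main__":
    print(logon_reply("pe-thread-1", CANDIDATES))
```

Because authorization is applied before any ranking, a thread that is not authorized for a central process never sees that process's address, whatever its load; the random tie-break only acts inside the set the thread is allowed to reach.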



